Has anyone else noticed election.com is using only weak crypto to
protect ICANN vote transactions?
Date: Tue Oct 3 23:39:39 2000
Site: vote.election.com
Port: 443
Resolves to:
FQDN: 'vote.election.com'
Address: '209.208.173.139'
209.208.173.139:
TCP connected (trying TLS)
connected as 'TLSv1'
Protection suite:
Identifier: EXP-RC4-MD5
Authentication: RSA
Key exchange: RSA(512) (*** WEAK ***)
Encryption: RC4(40) (*** VERY WEAK ***)
MAC: MD5
*** SECURITY IS WEAK ***
Site certificate:
Subject: C=US, ST=New York, L=Garden City, O=election.com Inc.,
OU=Election Services Department, OU=Terms of use at
www.verisign.com/rpa (c)00, CN=vote.election.com
Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server
Certification Authority
Validity:
Not Before: Sep 19 00:00:00 2000 GMT
Not After : Sep 19 23:59:59 2001 GMT
*** Certificate verified ***
TCP connected (trying SSLv3)
connected as 'SSLv3'
Protection suite:
Identifier: EXP-RC4-MD5
Authentication: RSA
Key exchange: RSA(512) (*** WEAK ***)
Encryption: RC4(40) (*** VERY WEAK ***)
MAC: MD5
*** SECURITY IS WEAK ***
Site certificate:
Subject: C=US, ST=New York, L=Garden City, O=election.com Inc.,
OU=Election Services Department, OU=Terms of use at
www.verisign.com/rpa (c)00, CN=vote.election.com
Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server
Certification Authority
Validity:
Not Before: Sep 19 00:00:00 2000 GMT
Not After : Sep 19 23:59:59 2001 GMT
*** Certificate verified ***
TCP connected (trying SSLv2)
connected as 'SSLv2'
*** remote site closed connection ***